Title: Template for Guidelines Governing Anti-Money Laundering and
Countering Terrorism Financing of Securities Firms
Date: 2019.07.11 (Amended)
This Template is adopted pursuant to the Money Laundering Control Act, the
Counter-Terrorism Financing Act, the Regulations Governing Anti-Money
Laundering of Financial Institutions, the Regulations Governing Internal Audit
and Internal Control System of Anti-Money Laundering and Countering Terrorism
Financing of Securities and Futures Business and Other Financial Institutions
Designated by the Financial Supervisory Commission, and the Regulations
Governing Reporting on the Properties or Property Interests and Locations of
Designated Sanctioned Individuals or Entities by Financial Institutions.
A securities firm’s customer due diligence (CDD) measures shall be as follows:
1. A securities firm shall decline to establish a business relationship or carry out
any transaction with a customer in any of the following circumstances:
A. The customer is suspected of using an anonymous account, an account in a
fictitious name, a nominee, a shell entity, or a shell corporation.
B. The customer refuses to provide documents relating to the CDD measures,
unless the customer's identity has been verified by a reliable and independent
source.
C. A person acts on behalf of the customer, and it is difficult to check and verify
the fact of authorization and identity-related information.
D. The customer uses forged or altered identification documents.
E. The customer provides only photocopies of the identification documents;
provided, this does not apply to business for which a photocopy or image file of
the identification document supplemented with other control measures are
permissible under regulations.
F. Documents provided by the customer are suspicious or unclear, the customer
refuses to provide other supporting documents, or the documents provided cannot
be authenticated.
G. The customer delays inordinately in providing identification documents.
H. A counterparty to the business relationship is an individual, legal person, or
organization that is sanctioned under the Counter-Terrorism Financing Act, or a
terrorist or terrorist group identified or investigated by a foreign government or an
international anti-money laundering organization; provided, this does not apply to
payments made under subparagraphs 1 to 3 of paragraph 1, Article 6 of the
Counter-Terrorism Financing Act.
I. Other unusual circumstances exist in the process of establishing a business
relationship or conducting transactions and the customer fails to provide
reasonable explanations.
2. CDD measures shall be conducted when:
A. Establishing business relations with any customer.
B. Carrying out any cash transaction (e.g. paying a settlement price in cash, or
subscribing to a single fund and paying the price in cash at the counter) of
NT$500,000 or more (including the foreign currency equivalent thereof).
C. There is a suspicion of money laundering or terrorism financing.
D. A securities firm has doubts about the veracity or adequacy of previously
obtained customer identification data.
3. The CDD measures to be taken are as follows:
A. Identifying the customer and verifying the customer’s identity using reliable,
independent source documents, data or information, and retaining copies of the
customer’s identity documents or recording the relevant information thereon.
B. Verifying that any person purporting to act on behalf of the customer is so
authorized, identifying and verifying the identity of that person using the method
specified in the preceding item, and retaining copies of the person’s identity
documents or recording the relevant information thereon.
C. Taking reasonable measures to identify and verify the identity of the beneficial
owner of a customer, including using reliable source data or information.
D. The CDD measures shall include learning about the purpose and intended
nature of the business relationship and obtaining relevant information in view of
the situation.
4. When the customer under the preceding subparagraph is an individual, at least
the following information shall be obtained to identify the customer:
A. Full name.
B. Birth date.
C. Domicile or residential address.
D. Official identification document number.
E. Nationality.
F. If a foreign national, the purpose of the residence or transactions (e.g. tourism
or work).
5. When establishing a business relationship with an individual customer who is
identified as a high risk customer or as having any high risk factor under
provisions relating to the assessment of risk of money laundering or terrorism
financing by customers of securities firms, at least one of the following items of
information shall be obtained:
A. Any name(s) or alias(es) previously used; examples of a name previously used
include a name used before marriage or a name used before a name change.
B. Work address, post office box address, email address (if any).
C. Telephone or mobile phone number.
6. When the customer is a legal person, an organization, or a trustee, the securities
firm shall, in accordance with subparagraph 3, understand the business nature of
the customer or trust (including any trust-like legal arrangement) and obtain at
least the following information to identify the customer or the trust and verify its
identity:
A. Name, legal form, and proof of existence of the customer or trust.
B. The charter or similar power documents that regulate and bind the legal person
or trust, except for in any of the following circumstances:
a. A counterparty that is listed under item C of subparagraph 7 hereof, and is free
of the circumstances in the proviso of subparagraph 3 of Point 4.
b. A customer that is an organization and acknowledges that it does not have a
charter or similar power document.
C. Names and other necessary information of persons having a senior management
position in the legal person, organization, or trustee (senior management personnel
may include directors, supervisors, governors, general managers/presidents,
chief financial officers, representatives, managers, partners, personnel with signing
authority, or any natural person who is equivalent to any of the above senior
management personnel. A securities firm shall use a risk-based approach to define
the scope of senior management personnel).
D. Official identification number: e.g. government uniform ID number, tax code
number, registration number.
E. The address of the registered office of the legal person, organization, or trustee,
and if different, the address of its principal place of business.
F. The purpose of the dealings with the offshore legal person, organization, or
trustee.
7. When the customer is a legal person, an organization, or a trustee, a securities
firm shall, in accordance with item C of subparagraph 6 hereof, understand the
ownership and control structure of the customer or the trust, and obtain the
following information to identify the beneficial owners of the customer and take
reasonable measures to verify the identity of such persons:
A. For legal persons or organizations:
a. The identity (e.g. the name, birth date, nationality, and identification document
number) of the natural person(s) who ultimately have a controlling ownership
interest. When a controlling ownership interest refers to directly or indirectly
owning more than 25 percent of a firm's shares or capital, the securities firm may
require the customer to provide a list of its shareholders or other documents to
help finish the identification procedure.
b. When no natural person having control through ownership interest is identified,
or when there is doubt about whether the natural person(s) with the controlling
ownership interest are the beneficial owner(s) under the provisions in the
preceding sub-item, a securities firm shall verify whether there is any natural
person(s) exercising control of the customer through other means. When necessary,
an undertaking by the customer may be obtained to verify the identity of the
beneficial owner(s).
c. Where no natural person is identified under (i) or (ii) above, a firm shall identify
and take reasonable measures to verify the identity of the relevant senior
management personnel.
B. For trustees: the identity of the settlor(s), the trustee(s), the trust supervisor, the
trust beneficiaries, and any other person exercising ultimate effective control over
the trust, or the identity of person(s) in equivalent or similar position.
C. Unless otherwise provided for in the proviso of subparagraph 3 of Point 4, or if
the customer has issued bearer shares, a securities firm is not subject to the
requirements of identifying and verifying the identity of beneficial owner(s) of a
customer as set out in item C of subparagraph 3 if the customer or the person
having a controlling ownership interest in the customer is:
a. An R.O.C government entity.
b. An enterprise owned by the R.O.C government.
c. A foreign government entity.
d. A public firm and its subsidiaries.
e. An entity listed on a stock exchange outside of the R.O.C. that is subject to
regulatory disclosure requirements of its principal shareholders, and the
subsidiaries of such entity.
f. A financial institution supervised by the R.O.C. government, and an investment
vehicle managed by such institution.
g. A financial institution incorporated or established outside R.O.C. that is subject
to and supervised for compliance with Anti-Money Laundering and Countering
the Financing of Terrorism (AML/CFT) requirements consistent with standards set
by the Financial Action Task Force on Money Laundering (FATF), and an
investment vehicle managed by such institution. The securities firm shall retain the
documentary evidence related to the aforesaid financial institution or investment
vehicle (e.g. records of publicly disclosed audit information, the financial
institution's anti-money laundering operational rules, records of searches for
adverse information, statements by the financial institution).
h. Funds managed by R.O.C. government agencies.
i. An employee stock ownership trust or employee welfare savings trust.
D. Contractual stipulations may be adopted to provide for the handling of the
following circumstances as follows:
a. The securities firm may refuse business dealings or terminate business relations
at its sole discretion under the circumstances in item H of subparagraph 1.
b. For a customer who is unwilling to cooperate with routine reviews, refuses
to provide information on beneficial owners or on the persons exercising control
over the customer, is unwilling to explain the nature and purpose of transactions
or the sources of funds, and so on, the securities firm may temporarily suspend or
terminate its business relationship with the customer.
8. Method for verifying the identity of a customer who establishes a business
relationship with the securities firm, and of a person purporting to act on behalf of
the customer, and of a beneficial owner thereof:
A. Verification by documents:
a. Individual:
b. Verification of identity or birth date: Obtain unexpired official identification
documents with photos, e.g. national ID card, passport, Alien Resident Certificate,
driver's license. If there is any doubt about the valid period of an above document,
a certification or undertaking by an embassy or notary public shall be obtained. In
addition, in the case of a beneficial owner, the securities firm need not require
provision of the original identification document for verification, or the securities
firm may, in accordance with its own operational procedures, ask the legal person,
organization, or representative thereof, to issue a statement regarding the
information of the beneficial owners, but it is required that at least a portion of the
information specified in the statement be verifiable by other reliable documents or
sources of information such as documents evidencing company registration or
company annual reports.
c. Verification of address: Obtain the customer’s bills, reconciliation statements,
or documents issued by the government.
B. Legal person, organization, or trustee: Obtain documents such as certified
articles of incorporation, business license issued by the government, partnership
agreement, trust instrument, certification of incumbency. If the trustee is a trust
managed by a financial institution as stated in Article 5, paragraph 1 of the Money
Laundering Control Act, the trust deed may be substituted by a written document
issued by the financial institution. However, this does not apply if the country or
area where the financial institution is located falls within the circumstances in
the proviso of subparagraph 3 of Point 4.
9. When necessary, verification may be carried out by means other than document
verification. For example:
C. Contact the customer via phone or letter after the account has been opened.
D. Information provided by another financial institution.
E. Cross validate information provided by the customer with other reliable public
information or paid database information.
Enhanced CDD shall be conducted for any customer who is identified as a high
risk customer or as having any high risk factor under provisions relating to the
assessment of risk of money laundering or terrorism financing by customers of
securities firms. For example:
10. Obtain a reply letter which is signed by the customer himself/herself or by an
authorized person of the customer, legal person, or organization, and which is in
reply to a letter sent to the address provided by the customer, or make telephone
inquiries.
11. Obtain supporting evidentiary materials regarding information on an
individual's wealth and sources of funds.
12. Obtain supporting evidentiary materials on the sources and flow of funds of a
legal person, organization, or trustee, such as a list of main suppliers, or a list of
main customers.
13. Site visit.
14. Obtain information on past dealings of the securities firm, and notify the
securities firm.
A securities firm shall not establish a business relationship or conduct occasional
transactions with a customer before completing the CDD process. However, a
securities firm that meets all of the following requirements may first
obtain information on the identity of the customer and its beneficial owner(s) and
complete the verification after the establishment of a business relationship:
15. Money laundering and terrorism financing risks are effectively managed,
including adopting risk management procedures with respect to the circumstances
under which a customer may utilize the business relationship to complete a
transaction prior to verification.
16. It is necessary to do so to avoid interruption to the normal conduct of business
with the customer.
17. Verification of the identities of the customer and its beneficial owner(s) will be
completed as soon as reasonably practicable after the establishment of a business
relationship. The business relationship must be terminated if verification cannot be
completed within a reasonably practicable time limit, and the securities firm shall
notify its customer in advance of this requirement.
If a securities firm allows a customer to establish a business relationship with it
before the completion of CDD measures, it shall adopt relevant risk control
measures, including:
18. Set a deadline for completion of the CDD measures.
19. Before completion of the CDD measures, the AML/CFT supervising officer of
the business unit shall examine the dealings with the customer and report the CDD
progress to the senior officer regularly.
20. Before the completion of the CDD measures, the number and types of the
customer’s transactions shall be limited.
21. The securities firm shall use a risk-based approach to determine the risk level,
and set the “reasonably practicable time limit” in item C of the preceding
subparagraph accordingly. Illustrative examples are as follows:
A. The CDD procedures shall be completed no later than 30 days after establishing
a business relationship.
B. If the CDD procedures are not completed within 30 days after establishing a
business relationship, the securities firm shall temporarily suspend the business
relationship with the customer, and avoid conducting any further transaction.
C. If the CDD procedures are not completed within 120 days after establishing the
business relationship, the securities firm shall terminate the business relationship
with the customer.
22. When a customer is a legal person, the securities firm shall ascertain whether it
can issue bearer shares by examining the customer’s articles of incorporation, or
asking the customer to issue an undertaking, or another means, and with respect to
any customer that has issued bearer shares, it shall adopt one of the following
measures to ensure that the information on beneficial owners is kept updated:
A. Require the customer to require its bearer share holders who have ultimate
controlling interest in the legal person to register their identities with the customer,
and require the customer to notify the securities firm when the identity of a
shareholder who has ultimate controlling interest in the legal person changes.
B. Require the customer, after every shareholder meeting, to give the securities
firm updated information on its beneficial owner(s), and to provide information on
shareholders who hold a certain percentage of bearer shares. However, the
customer shall promptly notify the securities firm when the customer learns for
any other reason about any change of identity of a shareholder who has ultimate
controlling interest in the legal person.
23. When the securities firm conducts CDD, it shall use adequate risk management
systems to determine whether the customer or any of its beneficial owner(s) or
senior management personnel is currently or was once a politically exposed person
at home or abroad or in an international organization:
A. If the customer or a beneficial owner of the customer is currently a politically
exposed person abroad, the customer shall be directly deemed a high risk customer,
and the enhanced CDD measures in Point 4, paragraph 1, subparagraph 1 shall be
adopted.
B. If the customer or a beneficial owner is currently a politically exposed person at
home or in an international organization, the securities firm shall evaluate the risks
before establishing a business relationship with the customer, and shall reevaluate
them every year subsequently. For a customer that has been recognized by the
securities firm as a high risk customer, the enhanced CDD measures in Point 4,
paragraph 1, subparagraph 1 shall be adopted.
C. If any senior management personnel of a customer is currently a politically
exposed person at home or abroad or in an international organization, the
securities firm shall consider the senior managing official’s influence over the
customer to determine whether to adopt the enhanced CDD measures in Point 4,
paragraph 1, subparagraph 1.
D. Regarding a politically exposed person at home or abroad or in an international
organization who is not incumbent, the securities firm shall consider relevant risk
factors and then evaluate the person’s influence, and determine through a risk-
based approach whether the provisions in the preceding three items should be
applied to the person.
E. The preceding four items also apply to family members and close associates of
any politically exposed person. The scope of family members and close associates
shall be determined as provided in the latter part of paragraph 4 of Article 7 of the
Money Laundering Control Act.
F. When a beneficial owner or senior management personnel of a customer that is
listed in sub-items a, b, c, or h of item C of subparagraph 7 is a politically exposed
person, the provisions of items A to E of this subparagraph do not apply.
24. Other compliance matters in connection with CDD measures:
A. To establish business relations with a customer, or to conduct financial
transactions exceeding a certain dollar amount with a walk-in customer, or when it
suspects that a customer's documents are insufficient to establish positive
identification, a securities firm shall use a government-issued identity document or
another identification document to confirm the customer’s identity, and then
record the result.
B. A securities firm shall adopt enhanced CDD measures for a customer that opens
a brokerage account and conducts transactions via a professional intermediary.
C. A securities firm shall adopt enhanced CDD measures for a customer seeking
personal wealth management services.
D. A securities firm shall adopt enhanced CDD measures for a customer that is
blacklisted by another securities firm.
E. A securities firm shall use CDD procedures that enable it to identify non-face-
to-face customers just as effectively as it identifies other customers, and must
further have special and adequate measures to reduce risk.
F. When a business relationship is established over the Internet, the process shall
be in accordance with relevant due diligence procedures which are adopted in
accordance with the requirements of, and accepted for recordation by, the
competent authority.
G. When a customer mandates or authorizes another to establish a business
relationship, or when a securities firm does not discover a suspicion about a
customer until after the securities firm has already established the business
relationship with the customer, the securities firm must verify the situation by
telephone or written correspondence, or by making a site visit.
H. When a customer establishes a business relationship by mail correspondence, after
the business relationship is established, the securities firm must send its return
correspondence by registered mail to substantiate it.
I. If a securities firm discovers, without violating any law or regulation, or finds it
necessary to assume, that funds flowing through a customer's account come from
corruption or misuse of public assets, the securities firm shall refuse to handle the
transactions or terminate the business relationship altogether.
J. When a securities firm is unable to complete CDD procedures for a customer, it
shall consider reporting the suspicion of money laundering or terrorism financing
related to the customer.
K. When a securities firm suspects that a customer or a transaction involves
money laundering or terrorism financing, and the securities firm reasonably
believes that carrying out CDD procedures may disclose information to the
customer, it may refrain from performing the procedures and report the suspicion
of money laundering or terrorism financing instead.
L. Other matters requiring attention in establishing business relationships shall
without exception be handled in accordance with the internal operating rules and
procedures of the securities firm.
25. The securities firm shall report suspicion of money laundering or terrorism
financing in accordance with Article 10 of the Money Laundering Control Act
when it establishes a business relationship or conducts a transaction with any
counterparty specified in subparagraph 1, item H. If that counterparty is an
individual, legal person, or organization that is sanctioned under the Counter-
Terrorism Financing Act, the securities firm, from the day it comes to know so,
shall refrain from doing any of the acts set out in Article 7, paragraph 1 of the
Counter-Terrorism Financing Act, and shall carry out reporting procedures as set
out in the Counter-Terrorism Financing Act (the reporting should be done in the
format that is downloadable from the website of the Ministry of Justice
Investigation Bureau [MJIB]). If any circumstance contemplated by subparagraph
2 or 3 of paragraph 1, Article 6 of the Counter-Terrorism Financing Act existed
with respect to the securities firm before the aforesaid counterparty was sanctioned,
the securities firm shall apply to the Ministry of Justice for permission in
accordance with the Counter-Terrorism Financing Act.
A securities firm’s CDD measures shall include ongoing due diligence on
customer identity, and shall be conducted in accordance with the following
provisions:
1. A securities firm shall apply CDD measures to existing customers on the basis
of materiality and risk, and conduct due diligence on existing relationships at
appropriate times, taking into account whether and when CDD measures have
previously been undertaken and the adequacy of data obtained. The aforesaid
appropriate times shall at least include:
A. When the customer opens another new account or establishes a new business
relationship.
B. When it is time for periodic review of the customer scheduled on the basis of
materiality and risk.
C. When it becomes known that there is a material change to the customer's
identity or background information.
2. A securities firm shall conduct ongoing due diligence on the business
relationship to scrutinize transactions undertaken throughout the course of the
relationship to ensure that the transactions being conducted are consistent with the
securities firm's knowledge of the customer, its business and risk profile, including,
where necessary, the source of funds.
3. A securities firm shall periodically review the adequacy of the information
obtained in respect of customers and beneficial owners and ensure that the
information is kept up to date, particularly for higher risk categories of customers,
whose reviews shall be conducted at least once every year, while the review
frequency for other customers shall be determined by a risk-based approach.
4. A securities firm can rely on existing customer records from its previously
conducted CDD procedures to undertake identification and verification. Therefore,
a securities firm is allowed to carry out transactions without repeatedly identifying
and verifying the identity of an existing customer. However, a securities firm shall
conduct CDD measures again in accordance with Point 2 if it has doubts about the
veracity or adequacy of the records, or there is a suspicion of money laundering in
relation to that customer, or there is a material change in the way that the
customer’s transactions or account are operated, which is not consistent with the
customer’s business profile.
A securities firm shall determine the extent of applying CDD and ongoing due
diligence monitoring measures using a risk-based approach (RBA), including:
1. For higher risk circumstances, a securities firm shall perform
enhanced CDD or ongoing due diligence measures by adopting additionally at
least the following enhanced measures:
A. Before establishing or entering a new business relationship, the securities firm
shall obtain the approval of senior management at a level of approval authorization
based on internal risk considerations.
B. A securities firm shall take reasonable measures to understand the sources of
the customer’s wealth and funds. The sources of funds means the real sources of
the funds; for example, salary and wages, investment income, and real estate
transactions.
C. A securities firm shall conduct enhanced ongoing monitoring of the business
dealings and relationship.
2. For customers from countries or regions with high risks of money laundering or
terrorism financing, a securities firm shall conduct enhanced CDD measures
consistent with the risks identified.
3. For lower risk circumstances, a securities firm may apply simplified CDD
measures, which shall be commensurate with the lower risk factors. However,
simplified CDD measures are not allowed in any of the following circumstances:
A. Where the customers are from or in countries or jurisdictions known to have
inadequate AML/CFT regimes, including but not limited to those which are
designated by international organizations on AML/CFT as countries or regions
with serious deficiencies in their AML/CFT regime, and other countries or regions
that do not or insufficiently comply with the recommendations of international
organizations on AML/CFT as forwarded by the Financial Supervisory
Commission (FSC).
B. Where there is a suspicion of money laundering or terrorist financing in relation
to the customer or the transaction.
Simplified CDD measures that a securities firm may take are as follows:
1. Lower the frequency of customer identity information updates.
2. Lower the level of ongoing monitoring, and set a reasonable monetary amount
threshold as the basis of examining transactions.
3. When the purpose and nature of the type of transactions or the established
business relationship can be inferred from the transactions or relationship
themselves, the securities firm is not required to further collect specific
information or carry out special measures to examine the purpose and nature of the
business dealings and relationship.
A securities firm shall perform its own CDD operations. However, if it is otherwise
permitted by laws and regulations or the FSC that a securities firm may rely on
third parties to perform the identification and verification of the identities of
customers, agents, and beneficial owners or the purpose and intended nature of the
business relationship, the securities firm relying on the third party shall still bear
the ultimate responsibility for CDD measures and comply with the following
provisions:
1. A securities firm relying on a third party shall be able to immediately obtain the
necessary CDD information.
2. A securities firm shall take adequate steps to ensure that identification data and
other relevant documentation relating to the CDD requirements will be made
available from the third party upon request without delay.
3. A securities firm shall ensure that the third party it relies on is regulated,
supervised or monitored, and has appropriate measures in place for compliance
with CDD and record-keeping requirements.
4. A securities firm shall ensure that the jurisdiction where the third party it relies
on is based has AML/CFT regulations in place that are consistent with the
standards set out by the FATF.
A securities firm's watch list filtering mechanisms for customers and transaction-
related counterparties shall be handled in accordance with the following provisions:
1. A securities firm shall establish policies and procedures for watch list filtering,
using a risk-based approach, to detect, match, and filter whether customers, or the
senior managerial officers, beneficial owners or trading counterparties of
customers are individuals, legal persons or organizations sanctioned under the
Counter-Terrorism Financing Act or terrorists or terrorist groups identified or
investigated by a foreign government or an international organization. If so, the
securities firm shall take the measures under Point 2, subparagraph 15.
2. The policies and procedures for customer and transaction counterparty watch
list filtering shall include at least matching and filtering logic, implementation
procedures and evaluation standards, and shall be documented.
3. A securities firm shall document its name and account filtering operations and
maintain the records for a time period in accordance with Point 10.
4. The filtering mechanism shall be tested, including testing for the following:
A. Whether the sanctions list and threshold settings are based on the risk-based
approach.
B. Correctness and completeness of data input and corresponding fields in the
system.
C. Logic of matching and screening.
D. Model validation.
E. Correctness and completeness of data output.
5. Based on the test results, confirm whether the filtering mechanism can still
adequately reflect risks, and modify the mechanism in a timely manner.
A securities firm’s ongoing monitoring of accounts and transactions shall be in
accordance with the following provisions:
1. A securities firm shall progressively make use of information systems to
integrate the basic information and transaction information of the entire
company’s customers so that the head office and branches may carry out inquiries
for the purpose of prevention of money laundering and countering terrorism
financing, so as to strengthen its ability to monitor accounts and transactions. A
securities firm shall also establish internal control procedures for requests and
inquiries as to customer information made by various units and shall exercise care
to ensure the confidentiality of the information.
2. A securities firm shall establish policies and procedures for account and
transaction monitoring using a risk-based approach, and use the information
system to assist in the detection of suspicious money laundering or terrorism
financing transactions.
3. A securities firm shall review its policies and procedures for account and
transaction monitoring based on AML/CFT laws and regulations, the nature of
customers, business size and complexity, money laundering and terrorism
financing trends and related information gathered from internal and external
sources, and its internal risk assessment results, and update those policies and
procedures periodically.
4. A securities firm's policies and procedures for account and transaction
monitoring shall include at least complete money laundering and terrorism